API Documentation

Free REST API for auditing OpenClaw skills. No authentication required.

Base URL

https://api.clauwdit.4worlds.dev

Rate Limits

60 requests per minute per IP. Results are cached for 1 hour.

GET /audit/:slug

Audit a skill by its registry slug.

Example

curl https://api.clauwdit.4worlds.dev/audit/adboio/agentmail

Query Parameters

Param	Type	Description
`format`	string	Set to `"oneliner"` for a compact one-line summary

POST /audit

Audit a skill by slug, URL, or repo reference.

Example

curl -X POST https://api.clauwdit.4worlds.dev/audit \
  -H "Content-Type: application/json" \
  -d '{"skill": "adboio/agentmail"}'

Request Body

Field	Type	Description
`skill`	string	Skill slug, GitHub URL, or repo reference (required)
`format`	string	Set to `"oneliner"` for compact output

GET /health

Health check endpoint.

Response

{ "status": "ok", "version": "0.1.0" }

Response Format

Full audit responses include:

{
  "trust": {
    "score": 85,
    "tier": "Trusted",
    "emoji": "✅",
    "description": "No significant issues."
  },
  "skill": {
    "name": "example-skill",
    "version": "1.0.0"
  },
  "findings": [
    {
      "severity": "medium",
      "category": "network",
      "description": "Network request detected",
      "zone": "code",
      "line": 12
    }
  ],
  "capabilities": [
    "network_out",
    "file_read"
  ],
  "compoundThreats": [],
  "permissionIntegrity": {
    "undeclared": [],
    "unused": []
  },
  "summary": {
    "total": 1,
    "critical": 0,
    "high": 0,
    "medium": 1,
    "low": 0
  }
}

Trust Tiers

Score	Tier	Meaning
80-100	Trusted	No significant issues found
60-79	Caution	Minor concerns, review recommended
40-59	Risky	Significant issues, use with caution
0-39	Dangerous	Critical threats detected, do not install

CORS

All endpoints support CORS. You can call the API directly from browser JavaScript.